Matt Cramer wrote:
> My company has a /20 out of the traditional Class C space. We want to use those addresses rather than the addresses our ISP would give us. We have asked the ISP if they can announce a /24 out of that block, and they have said "sure". However, I have read here about announcement filtering.
> Will certain providers filter that /24? We have two reasons for using our own space. First, we can get redundancy by connecting with two ISPs and having them both announce the network (or have one announce if the other dies).
Multi-homing redundancy is a good thing, assuming that you have undertaken multiple service entrances to your facilities, and prevented your circuits from being "groomed" into the same cable elsewhere. Several such concerns have been described recently on this list. Otherwise, your multi-homing makes no sense. Experience has shown that failures are more likely to occur in your local facilities than in the provider(s).
> Second, we can carve up our /20 in /24s and use them for different Internet POPs for our company (e.g. one in the states, one in Europe, one in the Pacific Rim, etc.).
A /20 that is split up into /24s should be filtered! REMEMBER: IP addresses are related to network TOPOLOGY, not your company administration. Dividing a set of "related" addresses into unrelated topology (split by oceans) increases the routing costs of everyone else.
> I am primarily a security person but unfortunately our LAN and WAN people know less about this than I so I am trying to decide what we should do. Any help or information about the logical design I mentioned would be greatly appreciated.
What you should do is this: look up the adjacent /20 and offer to give them the addresses. They might make better use of them. (I cannot tell which /20 you might be talking about, as you don't seem to use them for your DNS, using ATT, PSI, and others instead.) BTW: I see that your company is a major DNS polluter, registering many business terms in .com .net and .org, and pirating the ArmstrongSucks .com .net .org. No actual servers seem to be present.... Are there really international .net operators that hate Armstrong? And your company funds and hosts the discussion?